add crl missing url callback

cyassl/ctaocrypt/asn.h

@@ -382,11 +382,11 @@ CYASSL_LOCAL int  EncodeOcspRequest(DecodedCert*, byte*, word32);
 #endif /* HAVE_OCSP */
 
 
-#ifdef HAVE_CRL
+/* for pointer use */
-
-
 typedef struct RevokedCert RevokedCert;
 
+#ifdef HAVE_CRL
+
 struct RevokedCert {
     byte         serialNumber[EXTERNAL_SERIAL_SIZE];
     int          serialSz;

cyassl/ssl.h

@@ -798,10 +798,12 @@ CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
 CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
 CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
 CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int);
+CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
 
 CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
 CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
 CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int);
+CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
 
 
 

cyassl/test.h

@@ -575,6 +575,16 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 #endif /* VERIFY_CALLBACK */
 
 
+#ifdef HAVE_CRL
+
+static void CRL_CallBack(char* url)
+{
+    printf("CRL callback url = %s\n", url);
+}
+
+#endif
+
+
 static INLINE void CaCb(unsigned char* der, int sz, int type)
 {
     printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);

examples/client/client.c

@@ -210,6 +210,7 @@ void client_test(void* args)
 #ifdef HAVE_CRL
     CyaSSL_EnableCRL(ssl, 0);
     CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM);
+    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
 #endif
     if (argc != 3)
         CyaSSL_check_domain_name(ssl, "www.yassl.com");

src/crl.c

@@ -144,8 +144,19 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
 	if (foundEntry == 0) {
 		CYASSL_MSG("Couldn't find CRL for status check");
 		ret = CRL_MISSING;
-		if (crl->cm->cbMissingCRL)
+		if (crl->cm->cbMissingCRL) {
-			crl->cm->cbMissingCRL(NULL);
+			char url[256];
+
+			CYASSL_MSG("Issuing missing CRL callback");
+			url[0] = '\0';
+			if (cert->extCrlInfoSz < sizeof(url) -1 ) {
+				XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
+				url[cert->extCrlInfoSz] = '\0';
+			}
+			else 
+				CYASSL_MSG("CRL url too long");
+			crl->cm->cbMissingCRL(url);
+		}
 	}
 
 

src/ssl.c

@@ -1186,8 +1186,10 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
     else {
         if (type == CA_TYPE && format == SSL_FILETYPE_PEM) 
             ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
+#ifdef HAVE_CRL
         else if (type == CRL_TYPE)
             ret = BufferLoadCRL(crl, myBuffer, sz, format);
+#endif
         else
             ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                                 userChain);
@@ -1479,6 +1481,16 @@ int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type)
 }
 
 
+int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
+{
+    CYASSL_ENTER("CyaSSL_SetCRL_Cb");
+    if (ssl)
+        return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
+    else
+        return BAD_FUNC_ARG;
+}
+
+
 int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
 {
     CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
@@ -1509,6 +1521,16 @@ int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type)
 }
 
 
+int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
+{
+    CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
+    if (ctx)
+        return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
+    else
+        return BAD_FUNC_ARG;
+}
+
+
 #endif /* HAVE_CRL */